Messaging Abuse Reporting Format (MARF) Parameters2010-05-262015-01-27Feedback Report Header FieldsSpecification RequiredScott Kitterman, Murray KucherawyArrival-Datedate/time the original message was receivedNoanycurrentAuth-FailureType of email authentication method failureNoauth-failurecurrentAuthentication-Resultsresults of authentication check(s)YesanycurrentDelivery-ResultFinal disposition of the subject messageNoauth-failurecurrentDKIM-ADSP-DNSRetrieved DKIM ADSP recordNoauth-failurecurrentDKIM-Canonicalized-BodyCanonicalized body, per DKIMNoauth-failurecurrentDKIM-Canonicalized-HeaderCanonicalized header, per DKIMNoauth-failurecurrentDKIM-DomainDKIM signing domain from "d=" tagNoauth-failurecurrentDKIM-IdentityIdentity from DKIM signatureNoauth-failurecurrentDKIM-SelectorSelector from DKIM signatureNoauth-failurecurrentDKIM-Selector-DNSRetrieved DKIM key recordNoauth-failurecurrentFeedback-Typeregistered feedback report typeNoN/AcurrentIncidentsexpression of how many similar incidents are represented by this reportNoanycurrentOriginal-Mail-Fromemail address used in the MAIL FROM portion of the original SMTP transaction
NoanycurrentOriginal-Rcpt-Toemail address used in the RCPT TO portion of the original SMTP transaction
YesanycurrentReceived-Datedate/time the original message was received (replaced by "Arrival-Date")NoanyhistoricReported-Domaina domain name the report generator considers to be key to the
message about which a report is being generatedYesanycurrentReported-URIa URI the report generator considers to be key
to the message about which a report is being
generated
YesanycurrentReporting-MTAMTA generating this reportNoanycurrentSource-IPIPv4 or IPv6 address from which the original message
was received
NoanycurrentSPF-DNSRetrieved SPF recordNoauth-failurecurrentUser-Agentname and version of the program generating the reportNoanycurrentVersionversion of specification usedNoanycurrentSource-PortTCP source port from which the original message was receivedNoanycurrentIdentity-Alignmentindicates whether the message about which a report is
being generated had any identifiers in alignment as defined in
Noauth-failurecurrentFeedback Report Type ValuesSpecification RequiredScott Kitterman, Murray Kucherawyabuseunsolicited email or some other kind of email abusecurrentauth-failureemail authentication failure reportcurrentfraudindicates some kind of fraud or phishing activitycurrentnot-spamIndicates that the entity providing the report does not
consider the message to be spam. This may be used to correct a
message that was incorrectly tagged or categorized as spam.currentotherany other feedback that does not fit into other registered typescurrentvirusreport of a virus found in the originating messagecurrent